[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate

Subject: Re: [tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 31 May 2017 21:47:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 31 May 2017 17:47:46 -0400
In-reply-to: <044.d46b39de1e511866d016654e85e4b2d7@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.d46b39de1e511866d016654e85e4b2d7@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22460: Received a bad CERTS cell: Link certificate does not match TLS certificate
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.3.1.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tor-relay certs handshake ed25519    |  Actual Points:
  needs-analysis 030-backport                    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by nickm):

 The above explanation explains the "At least one Ed25519 certificate was
 badly signed" thing, and it explains the "Link certificate does not match
 TLS certificate" thing.

 I bet that the "The link certificate didn't match the TLS public key"
 thing is similar, but I'm not sure.  More investigation needed.

 The "Crosscert is expired" case is still mysterious.  It looks as if we
 were passing 0 or -1 to load_ed_keys() for "now", but looking at the code
 in maint-0.3.0, I don't see how we could actually do that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22460#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #22144 [- Select a component]: Twitter direct messages not working in Tor Browser 6.5.2
Next by Author: Re: [tor-bugs] #11045 [Core Tor/Stem]: Check consensus signatures
Previous by thread: Re: [tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
Next by thread: Re: [tor-bugs] #22460 [Core Tor/Tor]: Received a bad CERTS cell: Link certificate does not match TLS certificate
Index(es):
- Author
- Thread